<?php
/**
 * Created by PhpStorm.
 * User: Administrator
 * Date: 2021/8/29
 * Time: 10:00
 */
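/*
 * Blog post endpoint.
 *   GET  ?id=<post id>&username=<user>  — delete a post
 *   POST JSON {"editForm": {...}}        — update a post
 *
 * Super admins (login.power = 'super') may delete/edit any post; everyone
 * else only the posts whose author column matches their username. All
 * responses are {"result": {"status": 0|1, "mgs": "..."}}; the key is
 * spelled 'mgs' because the existing front-end reads it that way.
 */
if (!session_id()) {
    session_start();
}
// NOTE(review): a wildcard origin on a session-backed endpoint lets any site
// drive these delete/update calls from a logged-in browser. Restrict this to
// the front-end host(s) once they are known.
header("Access-Control-Allow-Origin:*");
header('Access-Control-Allow-Methods:POST,GET');
header('Access-Control-Allow-Headers:x-requested-with,content-type');
require_once('dbServerConnect.php');
$con = new DB();
$link = $con->mySqlServer();

if (!$link) {
    echo '数据库连接失败';
    return;
}

/**
 * Emit the JSON envelope every branch of this endpoint uses.
 *
 * @param int    $status 1 on success, 0 on failure (clients switch on this)
 * @param string $msg    human-readable message shown to the user
 */
function respond(int $status, string $msg): void
{
    echo json_encode(['result' => ['status' => $status, 'mgs' => $msg]]);
}

/**
 * Prepare, bind and execute a statement; null when any step fails.
 *
 * Request data is only ever bound as a parameter, never spliced into the
 * SQL text, which is what replaces the quote-doubling the old code did.
 *
 * @param string      $sql    statement with `?` placeholders
 * @param string      $types  mysqli bind type string, e.g. 'is'
 * @param list<mixed> $params one value per placeholder
 */
function runQuery(mysqli $link, string $sql, string $types, array $params): ?mysqli_stmt
{
    $stmt = mysqli_prepare($link, $sql);
    if ($stmt === false) {
        return null;
    }
    if ($params !== [] && !mysqli_stmt_bind_param($stmt, $types, ...$params)) {
        mysqli_stmt_close($stmt);
        return null;
    }
    if (!mysqli_stmt_execute($stmt)) {
        mysqli_stmt_close($stmt);
        return null;
    }
    return $stmt;
}

/**
 * True when the SELECT returns at least one row; false on no rows or on a
 * query error (an error must never be mistaken for "permitted").
 *
 * @param list<mixed> $params
 */
function rowExists(mysqli $link, string $sql, string $types, array $params): bool
{
    $stmt = runQuery($link, $sql, $types, $params);
    if ($stmt === null) {
        return false;
    }
    mysqli_stmt_store_result($stmt);
    $found = mysqli_stmt_num_rows($stmt) > 0;
    mysqli_stmt_close($stmt);
    return $found;
}

/**
 * True when a write statement prepared and executed without error.
 *
 * @param list<mixed> $params
 */
function runWrite(mysqli $link, string $sql, string $types, array $params): bool
{
    $stmt = runQuery($link, $sql, $types, $params);
    if ($stmt === null) {
        return false;
    }
    mysqli_stmt_close($stmt);
    return true;
}

/** True when $username has power='super' in the login table. */
function isSuperAdmin(mysqli $link, string $username): bool
{
    return rowExists(
        $link,
        "select 1 from login where username=? and power='super'",
        's',
        [$username]
    );
}

/** True when post $id exists and its author column equals $username. */
function isAuthor(mysqli $link, int $id, string $username): bool
{
    return rowExists(
        $link,
        'select 1 from blog_container where id=? and author=?',
        'is',
        [$id, $username]
    );
}

// Dispatch on the request type.
$method = $_SERVER['REQUEST_METHOD'];

if ($method === "GET") {
    // Delete a post. The id must be an integer before it goes anywhere near SQL;
    // a missing or non-numeric id gets the same message the old isset() check gave.
    $getId = filter_var($_GET['id'] ?? null, FILTER_VALIDATE_INT);
    if ($getId === false) {
        echo "参数必要参数(ID)";
        return;
    }
    // NOTE(review): the acting user is taken from the query string, so the
    // permission checks below trust whatever username the client sends. The
    // identity should come from the server-side session this script starts;
    // confirm which session key the login handler sets and read it from there.
    $username = (string) ($_GET['username'] ?? '');

    // Super admins may delete anything; others only their own posts.
    if (isSuperAdmin($link, $username) || isAuthor($link, $getId, $username)) {
        $deleted = runWrite($link, 'delete from blog_container where id=?', 'i', [$getId]);
        // The old failure branch echoed "删除成功！" (success) by mistake.
        respond($deleted ? 1 : 0, $deleted ? '删除成功！' : '删除失败！');
    } else {
        respond(0, '你没有【权限】删除他人的帖子！');
    }
} elseif ($method === "POST") {
    // Update a post from the JSON body: {"editForm": {title, description,
    // container, tag, blogId, username, isTop, isHide}}.
    $jsonData = file_get_contents("php://input");
    $decodeData = json_decode($jsonData, true);
    $form = is_array($decodeData) ? ($decodeData['editForm'] ?? null) : null;
    if (!is_array($form)) {
        respond(0, '更新失败！');
        return;
    }

    $title = (string) ($form['title'] ?? '');
    $description = (string) ($form['description'] ?? '');
    $container = (string) ($form['container'] ?? '');
    $tag = (string) ($form['tag'] ?? '');
    // NOTE(review): same as the GET branch — username comes from the client
    // payload rather than the session; confirm the session key and use it.
    $username = (string) ($form['username'] ?? '');
    // istop/ishide were interpolated as quoted strings before, so they are
    // bound as strings here to keep the stored values identical.
    $istop = (string) ($form['isTop'] ?? '');
    $isHide = (string) ($form['isHide'] ?? '');
    $blogId = filter_var($form['blogId'] ?? null, FILTER_VALIDATE_INT);
    if ($blogId === false) {
        respond(0, '更新失败！');
        return;
    }

    if (isSuperAdmin($link, $username)) {
        // Super admins may edit any post, including its hidden flag.
        $updated = runWrite(
            $link,
            'update blog_container set title=?,description=?,container=?,tag=?,istop=?,ishide=?,lastdate=now() where id=?',
            'ssssssi',
            [$title, $description, $container, $tag, $istop, $isHide, $blogId]
        );
        respond($updated ? 1 : 0, $updated ? '更新成功！' : '更新失败！');
    } elseif (isAuthor($link, $blogId, $username)) {
        // Authors may edit their own post; the original statement does not
        // let them change ishide, and that is preserved here.
        $updated = runWrite(
            $link,
            'update blog_container set title=?,description=?,container=?,tag=?,istop=?,lastdate=now() where id=?',
            'sssssi',
            [$title, $description, $container, $tag, $istop, $blogId]
        );
        respond($updated ? 1 : 0, $updated ? '更新成功！' : '更新失败！');
    } else {
        respond(0, '你没有【权限】编辑他人的帖子！');
    }
}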

